Slashdot Mirror
UK Government Wants a Backdoor Into Windows
REBloomfield writes "The BBC is reporting that the British Government is working with Microsoft in order to gain backdoor access to hard drives encrypted by the forthcoming Windows Vista file system. Professor Anderson, professor of security engineering at Cambridge University, urged the Government to contact Microsoft over fears that evidence could be lost by suspects claiming to have forgotten their encryption key."
Oh, and there are a few people who also consider encryption a matter of freedom of speech.
Funny the U.S. government targets Phil Zimmermann for three years but hardly raises so much as an eye when an encryption enabled OS is distributed. From Mr. Zimmermann's homepage: I think that his "criminal activity" was creating an encryption tool that allowed messages to be encrypted beyond what the United States government was capable of deciphering in a timely manner. Does anyone know if this is still enforced? Does anyone know what the max key length is now if it is? I think it was something like 128 bits (that the government could crack) around the time of PGP.
My work here is dung.
Let them try.
We have alternatives.
http://www.truecrypt.org/
Internet Explorer will offer all the back door access they need
... until the crack is published :)
(sadly this is more insightful than funny)
\u262D = \u5350
Laziness, ignorance; the same that prevents them from using encryption now.
-- Sorry, I can't think of anything funny to say here.
This is that definition of "lost" that appeared in the late 20th century. It's akin to the money that the music industry is "losing" due to file sharing. The evidence is not lost, it is as yet, undiscovered, and in any civilized country, we would not assert that there WAS any evidence unless we could actually see it. In the U.K., however, they actually have a law that says that you have to reveal your secret keys to the authorities with no provision for simply not knowing them. You can be convicted of the crime of having white-noise on your disk that authorities assert is encrypted data to which you are refusing to reveal the key. Heck, you could be convicted of a crime for not divulging the key to /dev/random, which is clearly some secret message channel from an unknown party, since messages arrive from it in small bursts!
In the end, the bad guys will use real encryption and the backdoor won' effect them. It will only serve as a security risk for legitimate users.
-Eric
SJW: Someone who has run out of real oppression, and has to fake it.
If governments force a backdoor to be installed, it'll be for sale to crackers before the gold masters are pressed, and common knowledge a few weeks later. So "trusted computing" can be subverted using the govt master key. And anyone who actually wants to keep secrets will install somethng that works while not requiring a magic dongle on the mobo. The govt will be able to read data from clueless suspects as they do now. So a win all round. And who doesn't suspect MS would leave backdoors anyway?
I don't really see why the need this anyway.
The government has the RIP Act (Regulation of Investigatory Powers Act 2000) which allows them to detain you, with a press gagging order if you refuse to hand over the encryption key they need to decrypt your data. If you refuse or claim you have forgotton and they don't believe you, then it's two years in gaol for you sonny jim.
They only really got this into law because most people don't understand it. Oh and don't forget that since this government came to power the amount of time they can hold you, uncharged, under the terrorism act has gone from 7 to 28 days... and the police want 90! Yes ninety days, 3 months, 2160 hours!
How about making governments install a keylogger before they seize the computer? Hardware or software, it would go in the old tradition of installing a telephone tap. It's not that hard either. Did the government demand that paper notebook makers supply a backdoor so they could decipher drug accounts written in code?
You should not be able to read the files without logging into the computer with your password and/or other identification token.
After logging in, the files are accessable. But not before. Someone who just swipes your PC would boot into Windows but would be unable to read any data files, even with a seperate boot CD. That's the whole idea.
But if the government adds a backdoor, you can bet that a hacker (white or black hat) would find it as well, probably within a few weeks of the OS being out. Thus making the encryption useless.
The whole government complaint is useless anyway because for all they know people can be using deniable encryptionn schemes *today* and they'd never even know about it.
Since when does the government have a right to all evidence in any case? One aspect of English law that I thought existed, is that the people should be protected from the government (particularly from self-incrimination). One could reasonably argue that the average citizen needs the availability of government-inaccessible encryption, due to the decreased cost (in terms of time and manpower) required to search through computer records vs. paper records. Current computers, and the massive amounts of data that they store (internet cookies, browsing history, cache data, registry entries, etc.) make fishing expeditions much, much, easier on law enforcement than sifting through physical documents and interviewing co-workers and family.
I recall some years ago, someone found supposedly secret NSA backdoor keys buried in Windows98. I don't recall if it was actually proven, but I would not be surprised if the NSA already has backdoor keys in 98/ME/XP and now Vista. Now the British Government wants their turn. Where will it end? Once MS bows to the British, surely other governments will also demand backdoor keys. Who decides which of those governments get it?
Sooner or later, other organisations (like the RIAA and the MPAA) will also want their keys too (if they don't already have them thanks to their DRM chips). Where will MS draw the line? I highly doubt MS would be very open about how many different governments or other organisations really have backdoor keys.
It is easy for us to say that we'll never use it, or that there are other options out there, but I'm more worried for less computer savvy members of the public who think they are buying a secure system. I know most of those users will never use encryption, but this will set another precident that will further erode all of our rights.
No, it's stored on the PostIt note on the monitor.
Using HTML in email is like putting sound effects on your phone calls. Just say <strong>no</strong>.
Sorry, cheap jibe.
This is amazing - especially when the idea is being promoted by a 'Professor of Security Engineering' at a reputable university. How can adding a backdoor to security systems be anything other than a massive weakness just waiting to be exploited?
Imagine if this went ahead - the British government would want access to versions of Windows sold in this country, the American government to US copies of Windows, the German government ... and so on and so on... Would Microsoft allow the Chinese government access to their citizens' disks? The Chinese government are signed-up members of The War Against Terror - so they could claim they need access, and besides recent experience says that big businesses will always accommodate governments no matter how repressive.
And it gets worse. Microsoft would either have to make a single key that would open every machine in the World; or they would have to issue copies of all the keys to every government - the British government won't accept not being allowed into a suspected terrorist's (and we have a splendidly wide definition of 'terrorist' in this country) computer purely because the suspect happens to be foreign.
But it will all supposedly remain secure and not fall into the hands of wrong-doers.
The Home Office, IT and Microsoft - what an unholy trinity we have there. With this level of stupidity the legislation can't be far off.
Why in the world would they have to boot your computer simply to read your hard drive?
Because all the sectors on my hard drive are encrypted on the fly. When you read it directly in other computer all you get is nearly random gibberish. There's not even a proper filesystem on it. Only after you mount it giving my long and convoluted passphrase the OS decrypts the sectors on the fly, so you can read the files. Switch the power off, reboot my machine or unmount the partition and there is no way to access my data again.
Is that easier to grok?
Robert
Bastard Operator From 193.219.28.162
...the TrueCrypt binaries alone in your possession then every piece of digital media you own that appears to contain random bytes will be accused of holding an encrypted volume and they will torture out of you whatever they want to hear you say.
Oh wait, I forgot... civilized Western nations never commit torture upon their subjects.
It's worth noting that harm can come not only from data being revealed under coercion, but also from data becoming unavailable.
If terrorists or an oppressive government take your computer and hard drives away, anyone who depends on that data is very much out of luck.
For this reason, local encrypted filestores and plausible deniability are only part of the puzzle. Quite a lot more is required, in particular cryptographic online distribution.
A comprehensive solution will need to use a large population of fixed size raw dataspaces spread across the net, instead of local disks. Quite likely, it would be stored steganographically 1:<large-N>:1 so that (for example) changing webcam images could be used as repositories. And it will need cryptographically-random access for site selection and dataspace selection and to individual bits in the dataspaces. And it'll need huge redundancy since the online storage will be inherently unreliable, yet without laying the scheme open to pretty simple differential cryptoanalysis.
That's a very tall order.
You know what the secret code for the backdoor to encrypted data on a harddrive running Vista is gonna be, don't you?
Up-Up-Dn-Dn-Lt-Rt-Lt-Rt-A-B-A-B-Ctrl-Enter
Support the FairTax
In addition, you'd want a system whereby you could enter a distress password, and unlock one level of security, while at the same time transparently destroying data, from the most secure level on upwards. So let's say you had three levels of encrypted data. The first layer is just some dodgy pictures of you and your wife. The second contains some emails showing you were evading taxes. The third is whatever you really want to protect.
For each level there are two passwords, one which will unlock it as normal, and another which will unlock it, and also begin a routine which will start securely erasing the third level data, then the second level, and then the first level + OS, and maybe trigger a lump of thermite sitting on top of the RAM for good measure. Or maybe it would be better just to get rid of the third level silently, so that it's as if it never existed. That's probably healthier, on second thought.
So that after you provide a good show of resisting giving out the password, you hand over the 'distress' one and let them have fun getting through the first level of junk data, while at the same time the system is slowly eating away at the stuff you really don't want, down on the third level.
You could even set it up so that the mal-effects caused by the distress passwords increase as you move through the levels of security. The distress password on the first level of security just starts the "silent erase" mechanism. The distress password on the second level speeds it up at the cost of less subtlety (because obviously they're getting closer to the actual data, so you need it gone faster). The distress password on the third level physically destroys the system in some sort of obvious (but quick) fashion. That way you're almost guaranteed not to compromise the data, but you also don't have to necessarily compromise yourself, unless they're really close to getting the stuff.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Worth pointing out that keyloggers are exactly the route that the FBI here in the US has taken:
http://www.epic.org/crypto/scarfo.html
That's US v. Scarfo; basically a mobster was using PGP to encrypt his communications and rather than breaking the encryption the hard way, the investigators got a warrant to install a keylogger. I'm not sure exactly how they did it, but I'm pretty certain that it was a hardware device implanted in the keyboard, rather than software. (The warrant they got was pretty much a blanket thing, approval for 'hardware, software, and firmware as necessary...') However they didn't divulge the exact methodology in the trial, because they successfully claimed an exemption under the Classified Information Procedures Act.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
Institutions such as NIST test the implementations of the algorithms, then the program either gets certified or not.
The problem is that without certification, we do not know whether what they've implemented is what they think they've implemented*.
The point is that they might use some obscure algorithm nobody knows - which has no guaranteed strength; thus one cannot rely on it. They can also implement standard algorithms such as AES or DES - but were they correctly implemented?
Sure - "why don't you take the sources and look at them yourself?" some might say, but is everybody competent enough to do that?
On the other hand, implementing something and then certifying it, means that:
[a] it was done right
[b] it is as strong as the standard says
In the case of encryption, the strength is in the key itself and in the mathematical basis of the algorithm, NOT in the obscurity of the mechanisms applied within the software.
One minor thing - NIST certification is expensive, I doubt TrueCrypt will pass it, unless some company pays for this. Commercial encryption software is a different thing, if they want to be treated seriously, they must go for it. An example is Private Disk.
* an old saying:
The saddest poem
I'm not sure about the UK, but in the USA, wouldn't this be a 5th amendment rights issue?
The summary states that this black hole is desirable for "fears that evidence could be lost by suspects claiming to have forgotten their encryption key", but why would a suspect have to say they lost their encryption key? Why not just plead the 5th?
The 5th amendment states: "No person shall [...] nor shall be compelled in any criminal case to be a witness against himself [...]"
I honestly do not believe that the contents of a person's hard drive falls into the same category of evidence as eye witnesses or DNA. A personal computer's hard drive, particularly one with an encrypted file system, is effectively an extension of that person's memory and hence any data extracted from it seems very much like testifying against oneself.
http://brandonbloom.name
Sounds to me more like the good guy is making a really smart play. Note that it looks like he sort of slipped this in as an aside, since he was really giving evidence about "holding terrorist suspects without charge". Talk about pushing all the right buttons on the govt. machine.
If you are an opponent of TCG / TPM / DRM it is really quite beautiful. As far as I can see it is something like:
"Hey Mr. Government Committee, while you're asking me about terrorist suspects you might want to note that this new TPM / DRM stuff coming real soon from MS/**AA now will make it virtually impossible for you to get info off suspects' PCs. Oh, and the PCs are setup that way by default so no chance of using that fact against suspect. Also, you know that law you fought so hard for where you can jail people for not handing over encryption keys ? - well with this new stuff the key's in hardware and the suspect never has it. If you're worried by this, then maybe you should speak to these guys about crippling the tech..."
Aim big nasty government machine at big nasty corporate machine, stand well back...
Sweet.